{
	"id": "283b3f32-ea0a-4e05-b871-556307952612",
	"created_at": "2026-04-06T00:08:22.324922Z",
	"updated_at": "2026-04-10T13:12:14.212239Z",
	"deleted_at": null,
	"sha1_hash": "3a84e7554d1a4600402ee54ad2c46b7a77d1ecf5",
	"title": "Cloud Security - Palo Alto Networks Blog",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 63367129,
	"plain_text": "Cloud Security - Palo Alto Networks Blog\r\nBy Mar 24, 2026 By Asaf Henig and Cameron Hyde\r\nArchived: 2026-04-05 13:11:31 UTC\r\nWhen Security Scanners Become the Weapon: Breaking Down the Trivy Supply\r\nChain Attack\r\nThe Trivy Supply Chain Attack shows how security tools can be weaponized. Learn how this 2026 breach\r\nunfolded and how Cortex Cloud blocks the threat.\r\nAppSec\r\nCloud Security\r\nThreat Prevention\r\nUnit 42\r\nVulnerability Exposed\r\nMar 24, 2026\r\nBy Asaf Henig and Cameron Hyde\r\nCloud Security\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 1 of 30\n\nApplication Security\r\nCloud Posture Security\r\nCloud Runtime Security\r\nAI Security Posture Management\r\nCloud Native Application Protection Platform\r\nAnnouncement, Cloud Native Application Protection Platform, Cloud Security, CNAPP, Reports\r\nWhere Cloud Security Stands Today and Where AI Breaks It\r\nCloud security trends reveal where teams gain ground and fragmentation breaks defense. Explore insights from\r\n2,800 leaders and how cloud, identity and AI risks converge.\r\nDec 16, 2025\r\nBy Cody Queen\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 2 of 30\n\nApplication Security, AppSec, ASPM, Cloud Security, DevSecOps\r\nLevel Up Your AppSec Team with an Agentic Workforce\r\nOptimize your AppSec program with Cortex Cloud. Our AI AppSec Agent automates vulnerability remediation,\r\nprioritizes risks, and stops threats before production.\r\nMar 12, 2026\r\nBy Cameron Hyde\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 3 of 30\n\nCloud Infrastructure Entitlement Management, Cloud Security, IAM, Identity Security\r\nCortex Cloud Named Leader and Outperformer in the 2026 GigaOm Radar for\r\nCIE...\r\nCloud infrastructure entitlement management is foundational to CNAPP. See why Cortex Cloud was named a\r\nLeader in the 2026 GigaOm CIEM Radar.\r\nMar 05, 2026\r\nBy David Trigano and Andrea Halsted\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 4 of 30\n\nASPM, Cloud Runtime Security, Cloud Security, CNAPP, Containers\r\nContainer Security: A Layer-by-Layer Guide for Security Engineers\r\nContainer security demands more than shift left. Learn how to build defense in depth across IDE, CI, registry,\r\nadmission control and runtime without a...\r\nMar 03, 2026\r\nBy Bruno Almeida and Avishai Moshka\r\nMore Blogs\r\nDisplaying 1—16 of\r\n481 results\r\nSort By:\r\nAnnouncement, Cloud Security, Cloud Security Platform, CNAPP, Code to Cloud to SOC\r\nWhy the Future of Cloud Security Is Agentic\r\nAgentic cloud security marks the shift from dashboards to autonomous action. Learn why AI agents are redefining\r\ncloud defense and closing the speed gap.\r\nFeb 25, 2026\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 5 of 30\n\nBy Jonathan Bregman\r\nAnnouncement, Cloud Security, Cloud Security Platform, CNAPP\r\nClosing the Gap Between Cloud Visibility and Network Security\r\nCloud visibility improves risk prioritization by adding network security context, revealing protected paths,\r\nreducing false positives, and focusing te...\r\nFeb 17, 2026\r\nBy Alexandre Cezar and Mohit Bhasin\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 6 of 30\n\nAppSec, ASPM, Cloud Security, Code Security, DevSecOps, Research\r\nAn Inside Look into ASPM: Five Findings from New Industry Research\r\nASPM is emerging as the orchestration layer for AppSec. Explore key findings in new research from Omdia on\r\nrisk reduction, automation, and tool conver...\r\nFeb 09, 2026\r\nBy Cameron Hyde\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 7 of 30\n\nApplication Security, AppSec, ASPM, Cloud Security, Partners\r\nPalo Alto Networks and Veracode: Unifying Application Security from Code to...\r\nSecure your software supply chain with the Cortex Cloud and Veracode integration. Correlate code vulnerabilities\r\nwith cloud context to prioritize and ...\r\nJan 20, 2026\r\nBy Cameron Hyde\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 8 of 30\n\nAI Security, AI-SPM, CIEM, Cloud Security, DSPM, Identity Security\r\nIs AI a New Challenge for Cloud Security? Yes and No.\r\nAI security challenges are accelerating as models and agents reshape cloud risk. Learn where traditional controls\r\nbreak down and how to close the AI security gap.\r\nJan 15, 2026\r\nBy Sharon Farber\r\nAppSec, ASPM, Cloud Security, CNAPP, Code to Cloud to SOC\r\nAI-Powered Cloud Security That Sees Everything and Fixes It Faster\r\nAI-powered cloud security unifies posture, runtime and AppSec with autonomous investigation, guardrails and\r\nreal-time protection to reduce risk faster...\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 9 of 30\n\nJan 06, 2026\r\nBy Cody Queen\r\nAI Security, Cloud Security, Cloud Workload Protection\r\nUnderstanding API Risk in the Age of AI\r\nAPI security now sits at the center of AI risk. Learn how AI-driven traffic expands exposure and how Cortex\r\nCloud delivers discovery, prioritization and real-time protection.\r\nDec 18, 2025\r\nBy Andrea Halsted and Amit Biton\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 10 of 30\n\nAI Security, Cloud Security\r\nOWASP Top 10 for Agentic Applications 2026 Is Here – Why It Matters and How...\r\nAgentic AI introduces new risks across tools, identities, supply chains and memory. Learn what the OWASP Top\r\n10 for Agentic AI means and how to secure autonomous systems.\r\nDec 10, 2025\r\nBy Jaimin Patel and Elad Koren\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 11 of 30\n\nAppSec, Cloud Detection and Response, Cloud Runtime Security, Cloud Security, Supply Chain Security\r\nShai-Hulud 2.0: How Cortex Helps Protect Against the Resurgent npm Worm\r\nShai-Hulud 2.0 exposes the fragility of software supply chains. Learn how the npm worm spreads through\r\ndeveloper ecosyst...\r\nNov 26, 2025\r\nBy Cameron Hyde and Yitzy Tannenbaum\r\nCIEM, Cloud Security, IAM, Identity Security, KSPM\r\nTurning Kubernetes Last Access to Kubernetes Least Access Using KIEMPossibl...\r\nKubernetes identity security demands clarity. Learn how KIEMPossible uncovers entities, permissions and usage\r\nto help you reduce identity attack surfa...\r\nNov 25, 2025\r\nBy Golan Myers\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 12 of 30\n\nData Security, Data Security Posture Management\r\nIs Your Snowflake Data at Risk? Find and Protect Sensitive Data with DSPM\r\nCloud data security is critical. Learn how Snowflake users can mitigate risks with effective data security posture\r\nmanagement (DSPM) and enhanced secu...\r\nNov 21, 2025\r\nBy Sharon Farber\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 13 of 30\n\nAI Security, AI-SPM, Cloud Security\r\nExplore the OWASP Top 10 for LLMs: A New Interactive Guide\r\nAI security starts with the OWASP Top 10 for LLMs. Explore our interactive guide to uncover and mitigate the\r\nbiggest risks across your AI pipelines.\r\nNov 20, 2025\r\nBy Sharon Farber\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 14 of 30\n\nCIEM, Cloud Security, DSPM, IAM\r\nAll Paths Lead to Your Cloud: A Mapping of Initial Access Vectors to Your A...\r\nInitial-access risks in AWS demand clarity. Uncover how service exposure and access-by-design flaws open cloud\r\nperimeters and learn how to secure them...\r\nNov 18, 2025\r\nBy Golan Myers and Ofir Balassiano\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 15 of 30\n\nCloud Runtime Security, Cloud Security, Cloud Workload Protection, CWPP\r\nAgentless Vs. Agent-Based Scanning in Kubernetes: A Deep Dive\r\nKubernetes security depends on smart scanning. Compare agentless and agent-based approaches to find the right\r\nbalance between coverage and runtime def...\r\nNov 13, 2025\r\nBy Bruno Almeida\r\nCIEM, Cloud Security, IAM\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 16 of 30\n\nRegaining Control Over Identity and Access\r\nCloud permissions outpace control. Learn how CIEM restores visibility, enforces least privilege, and secures\r\nevery identity in dynamic cloud environments.\r\nNov 12, 2025\r\nBy Shahar Livschitz\r\nCDR, Cloud Detection and Response, Cloud Runtime Security, Cloud Security\r\nLessons Ted Lasso Can Teach You About CDR\r\nTed Lasso’s lessons inspire a smarter, faster, more collaborative approach to cloud detection and response. Learn\r\nto turn chaos into confidence.\r\nNov 11, 2025\r\nBy Mohit Bhasin and Emily Rodenhuis\r\nLoad more blogs\r\nLoad more blogs\r\nMore Blogs\r\nDisplaying 1—16 of\r\n481 results\r\nSort By:\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 17 of 30\n\nAnnouncement, Cloud Security, CNAPP, Code to Cloud to SOC\r\nIntroducing Cortex Cloud 2.0: Smarter Cloud Security for an AI-Driven World\r\nCortex Cloud 2.0 delivers unified protection from code to cloud to SOC, turning complexity into clarity with AI-driven prevention and response.\r\nOct 28, 2025\r\nBy Elad Koren\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 18 of 30\n\nAppSec, ASPM, Cloud Security\r\nBreakdown: Widespread npm Supply Chain Attack Puts Billions of Weekly\r\nDownl...\r\nnpm supply chain attack exposed billions of downloads to risk. Learn how malicious packages spread and how to\r\nprevent threats with Cortex Cloud.\r\nSep 10, 2025\r\nBy Asaf Henig and Cameron Hyde\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 19 of 30\n\nAI Security, AI Security Posture Management, DSPM\r\nModel Context Protocol (MCP): A Security Overview\r\nModel Context Protocol (MCP) introduces new AI integration risks. Learn how to manage threats like prompt\r\ninjection, credential leaks, and toolchain abuse.\r\nJun 06, 2025\r\nBy Sharon Farber\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 20 of 30\n\nAI Security, Cloud Security\r\nOWASP Top 10 for Agentic Applications 2026 Is Here – Why It Matters and How...\r\nAgentic AI introduces new risks across tools, identities, supply chains and memory. Learn what the OWASP Top\r\n10 for Agentic AI means and how to secure autonomous systems.\r\nDec 10, 2025\r\nBy Jaimin Patel and Elad Koren\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 21 of 30\n\nIntroducing Cortex Cloud ASPM\r\nCortex Cloud ASPM redefines application security with context-aware prevention, unified policy and runtime\r\ninsight across the full software lifecycle.\r\nAug 05, 2025\r\nBy Cameron Hyde and Sarit Tager\r\nAnnouncement, Application Security, Cloud Security, CNAPP, News and Events, Product Features, Products and\r\nServices\r\nIntroducing Cortex Cloud — The Future of Real-Time Cloud Security\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 22 of 30\n\nCortex Cloud brings the world’s leading CNAPP onto the #1 SecOps platform, delivering real-time protection —\r\nfor the fir...\r\nFeb 13, 2025\r\nBy Elad Koren\r\nAI Security Posture Management, Announcement, Data Security Posture Management\r\nAI-SPM Now Generally Available: Enhancing AI Security and Compliance with\r\nP...\r\nLearn how AI Security Posture Management (AI-SPM) addresses new cloud security challenges, including model\r\nrisk, data exposure, and misuse in AI envir...\r\nAug 06, 2024\r\nBy Amol Mathur\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 23 of 30\n\nAnnouncement, Cloud Security, Cloud Security Platform, CNAPP, Code to Cloud to SOC\r\nWhy the Future of Cloud Security Is Agentic\r\nAgentic cloud security marks the shift from dashboards to autonomous action. Learn why AI agents are redefining\r\ncloud defense and closing the speed gap.\r\nFeb 25, 2026\r\nBy Jonathan Bregman\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 24 of 30\n\nAppSec, ASPM, Cloud Security, Code Security, DevSecOps, Research\r\nAn Inside Look into ASPM: Five Findings from New Industry Research\r\nASPM is emerging as the orchestration layer for AppSec. Explore key findings in new research from Omdia on\r\nrisk reduction, automation, and tool conver...\r\nFeb 09, 2026\r\nBy Cameron Hyde\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 25 of 30\n\nApplication Security, AppSec, ASPM, Cloud Security, Partners\r\nPalo Alto Networks and Veracode: Unifying Application Security from Code to...\r\nSecure your software supply chain with the Cortex Cloud and Veracode integration. Correlate code vulnerabilities\r\nwith cloud context to prioritize and ...\r\nJan 20, 2026\r\nBy Cameron Hyde\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 26 of 30\n\nAppSec, Cloud Detection and Response, Cloud Runtime Security, Cloud Security, Supply Chain Security\r\nShai-Hulud 2.0: How Cortex Helps Protect Against the Resurgent npm Worm\r\nShai-Hulud 2.0 exposes the fragility of software supply chains. Learn how the npm worm spreads through\r\ndeveloper ecosyst...\r\nNov 26, 2025\r\nBy Cameron Hyde and Yitzy Tannenbaum\r\nCloud Workload Protection Platform, DevSecOps\r\nAnnouncing Checkov 2.0: Deepening Open Source IaC Security\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 27 of 30\n\nCheckov 2.0 is a graph-based, open source IaC security tool for environments with complex dependencies across\r\nresources and modules.\r\nApr 08, 2021\r\nBy Matt Johnson\r\nAnnouncement, Cloud Security, Cloud Security Platform, CNAPP\r\nClosing the Gap Between Cloud Visibility and Network Security\r\nCloud visibility improves risk prioritization by adding network security context, revealing protected paths,\r\nreducing false positives, and focusing te...\r\nFeb 17, 2026\r\nBy Alexandre Cezar and Mohit Bhasin\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 28 of 30\n\nCloud Workload Protection, Cloud Workload Protection Platform\r\nAgentless vs. Agent-Based Security: How to Use Them to Stay Secure\r\nThe cloud computing industry will see a staggering compound annual growth rate of over 15% through 2028\r\nwhen its market cap is expected to exceed $1 T...\r\nFeb 09, 2023\r\nBy Aqsa Taylor\r\nCloud Native Application Protection Platform, CNAPP\r\nCode to Cloud Vulnerability Management\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 29 of 30\n\nInnovative vulnerability management dashboard streamlines discovery, prioritization and remediation of vulns,\r\nensuring robust security from code to cloud.\r\nOct 26, 2023\r\nBy Alon Ben Porath and Alexandre Cezar\r\nPlatform, Research, Threat Research\r\nUnderstanding Three Real Threats of Generative AI\r\nUnderstand the real threats generative AI poses to your organization, including KYC verification bypass and\r\nimage generators, deepface generation, and malicious LLMs.\r\nMay 23, 2024\r\nBy Kyle Wilhoit\r\nLoad more blogs\r\nLoad more blogs\r\nSource: https://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nhttps://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse\r\nPage 30 of 30",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://redlock.io/blog/instance-metadata-api-a-modern-day-trojan-horse"
	],
	"report_names": [
		"instance-metadata-api-a-modern-day-trojan-horse"
	],
	"threat_actors": [],
	"ts_created_at": 1775434102,
	"ts_updated_at": 1775826734,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3a84e7554d1a4600402ee54ad2c46b7a77d1ecf5.pdf",
		"text": "https://archive.orkl.eu/3a84e7554d1a4600402ee54ad2c46b7a77d1ecf5.txt",
		"img": "https://archive.orkl.eu/3a84e7554d1a4600402ee54ad2c46b7a77d1ecf5.jpg"
	}
}